drj logo

"*" indicates required fields

Name*
Region*
Please enter a number from 0 to 100.
Strength indicator
I agree to the Terms of Service and Privacy Policy*
Yes, of course I want to receive emails from DRJ!
This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

x
DRJ Fall 2025 Dallas Show
Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Why Subscribe to DRJ
    • Digital Edition
    • Article Submission
    • DRJ Annual Resource Directories
    • Article Archives
    • Career Spotlight
  • EVENTS
    • DRJ Fall 2025
    • DRJ Spring 2025
    • DRJ Scholarship
    • Other Industry Events
    • Schedule & Archive
    • Send Your Feedback
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • DEI
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

Insider Threat Awareness Month: Experts Discuss Preventing Cyber Attacks

by Jon Seals | September 15, 2021 | | 0 comments

Insider Threat Awareness Month was created back in 2019 by several U.S. federal agencies to emphasize the importance of safeguarding our nation by detecting, deterring and mitigating insider threats. It serves as an annual reminder on the dangers these threats pose to companies around the globe. 

While the month has raised awareness to these risks, insider threats are still a very common problem for businesses, highlighting the need for continued action. According to IBM, 60% of companies have over 20 incidents of insider attacks a year and the cost related to these incidents was more than $2.7 million in 2020. 

In honor of the month, experts have gathered their thoughts on preventing insider threats below:

Carl D’Halluin, CTO, Datadobi 

“Predicting exactly when an insider threat will occur is nearly impossible. However, promoting awareness of the chances of an insider incident can help enterprises prepare themselves properly and enhance their overall data management strategy.

A successful insider attack can create long-lasting downtime for an organization which impacts its revenue and reputation. Enterprises need to have a plan in place to protect themselves from the aftereffects that come with an insider threat. As organizations increasingly rely on unstructured data to perform day-to-day business-critical functions, they need to maintain prompt access to their data in the event of a disruption.

An effective way to avoid downtime in the event of an insider threat is creating a ‘golden copy’ of business-critical data. Enterprises should maintain a secure golden copy of unstructured data in an air-gapped physical or cloud-based location. Limiting access to a golden copy in addition to a traditional backup strategy decreases the chances of downtime either from an accidental human error or malicious insider threat.”

Raffael Marty, SVP Cybersecurity Products, ConnectWise

“Insider threat is a complex and multi-faceted problem and while the topic most often comes up in the context of larger organizations, the general principles to prevent insider abuse are applicable to organizations of all scales. A comprehensive security program that covers both preparedness and visibility is the foundation to successful early identification of looming insider issues. Preparedness is about planning for the day that something happens and it should cover simple things like what the organization does when an employee leaves and goes all the way to establishing preparedness for a sabotage event like ransomware or electronic time bombs. Visibility is about having line of sight to potential adverse actions. It starts with monitoring devices, but expands to understanding what employees are doing and making sure they are trained on cyber security issues like phishing, which is still one of the main initial vectors of attacks.” 

Steve Moore, Chief Security Strategist, Exabeam

“As organizations remain remote or begin their transition to hybrid work models, the risk of insider threats is more present than ever. Therefore, enterprises must recognize the severity of this form of attack.

Legitimate users performing unwanted or dangerous activity always prove more difficult to detect than typical external threats. Though most insider threats are unintentional and typically occur by accident, the damage they cause can still impact business outcomes and stability.

To add complexity to this already difficult problem, there have been examples of criminal attackers who now offer a cut of the proceeds if an employee assists in deploying ransomware. How many disgruntled or underappreciated employees might consider this opportunity?

When irregular behavior is detected, it should be taken seriously as a possible attack. Various indicators of insider threats exist, and a crucial step in protecting against them is recognizing those signs and establishing a threshold of normal for employees. Unfortunately, most organizations lack the capability to know normal human and device behavior.

Proper training feedback loops, visibility, and effective technology are the key to guarding against insider threats. In addition, utilizing behavioral analytics that can track and analyze user and machine data is critical.

Behavioral analytics technology can identify threats lurking within an organization by determining whether certain behaviors are normal or a potential cause for alarm. For example, has this employee from this department ever signed into this system before, anyone from her department? Unfortunately, finding the answer to these questions (and many more) during an incident can prove near impossible at worst and inconsistent at best without investing in the correct capabilities.

Different kinds of unusual activity that are typical signs of insider threats, such as large data uploads, credential abuse, or unusual access patterns, can be detected by behavioral analytics. As a result, the technology can find these suspicious behaviors among often unknowingly compromised insiders well before cybercriminals can gain access to critical systems — significantly decreasing the chances of data compromise.”

Alex Pezold, CEO, TokenEx

“Although standard controls such as logging and tracking, identity and access management, and internal policies and training are all essential elements of a robust security strategy to address insider threats, none can prevent the exposure of sensitive data in the event of a breach. Therefore, data protection is also a critical component of this value chain. We’ve seen our customer base use tokenization to satisfy their needs for greater data protection while enabling their Zero Trust principles more effectively.

“By using tokenization, companies can minimize risk by removing sensitive data from their environments so that it cannot be compromised if their internal systems are breached. So even if a security control fails and allows a database to be accessed, only tokens will be available to the intruder while the original sensitive data is safely stored offsite.”

Neil Jones, cybersecurity evangelist, Egnyte 

“Responsible companies consistently update their cyberattack prevention plans and implement measures that protect them from falling victim to potential attacks. As vigilant as they might be, most organizations overlook an important contributor to cyberattacks: insider threats. 

This is not surprising, because companies need to trust their employees in order to succeed. But with employee trust needs to come employer validation and monitoring of their users’ behavior. 

While not all insider threats are malicious, they can be even more devastating than external attacks. Critical contributors to insider threats are employee turnover, poor data governance controls and negligence. If employees resign, they can extract information from your files that could benefit them in their new jobs with competitors, or even worse, publicly embarrass your organization. That process is referred to as exfiltration. A good first step to prevent “data leakage” is to utilize a data governance platform that leverages machine learning, so that sensitive information is available to the correct organizational users, based on their business “need to know.” 

Negligence can be combated with proper training, and by limiting access to files across the company. There is no reason that someone in the finance department should have access to roadmapped product development plans, without justifying their request with the product development team first. Limiting the spread of internal information will also enable your system to prioritize threats to your sensitive data. The best way to thwart a potential attack is by having a proactive approach in place that detects misuse before it’s too late.”

Surya Varanasi, CTO, StorCentric:

“September 2021 marks the third year of National Insider Threat Awareness Month (NITAM), which according to the NITAM website aims to help prevent “exploitation of authorized access to cause harm to an organization or its resources.” While the month focuses on national security, this issue is of course inextricably linked with organizational security as well. When enterprises think about ransomware attacks, the focus is often on guarding against external threats, of which there are many. Yet companies must remember and be prepared to defend against threats from inside their organization too.

Three words hold the key to achieving this: protect, detect and recover. Given the prevailing stats, such as those from the Ponemon Institute, the likelihood of an insider threat existing and then leading to a successful data breach is high and growing rapidly. It is therefore critical that the recovery piece be firmly in place. Two highly critical best practices here relate to your data backups. Organizations must ensure they have unbreakable and immutable backups. The ideal solution(s) should include features like file fingerprinting, file redundancy, file serialization, secure timestamp, and auto file repair, as well as the necessary capabilities to ensure regulatory compliance. And the admin keys should be stored in another location for added protection. Next, the solution should provide immutability and allow the user to lock backups for a predetermined period of time: an “immutable retention period,” during which they cannot be deleted, moved or altered in any way.

Corporate defenses should be equal to the level of threat—which means assuming the worst and putting the best solution in place, particularly when it comes to ensuring recovery. By having impenetrable recovery solutions in place for internal threats as well as external ones, organizations can protect their most valuable data assets and ensure the longevity of their business.”

Danny Lopez, CEO, Glasswall

“It seems like every day there is a headline about another company falling victim to a cyberattack. What many companies fail to realize is that not all threats come from outside sources. In fact, insider threats have increased by 47% in the past two years. While it’s easier to assume it could never happen to your organization, taking responsibility for your security before an attack occurs is always the best option. 

Not all insider threats are malicious. In fact, many victims are completely unaware that their credentials were compromised in the first place. Employee training can be helpful in some cases, but it often overlooks the sophistication of cybercriminals and can create a fear-based culture where people are afraid to come forward if they’ve made a mistake. 

Your employees should not be your only line of defense against cyberattacks. Instead, your leadership teams should understand where your risk factors are and implement proactive technologies, such as Content Disarm and Reconstruction (CDR), which can deliver instant protection. In the face of increasing risk and intricate attacks, there’s no better time to make cybersecurity a top priority.”

Related Content

  1. Disaster Recovery Journal
    More Experts Discuss Cybersecurity Awareness Month
  2. Disaster Recovery Journal
    Hackers Don’t Rest: Expert Advice this Cybersecurity Awareness Month
  3. Disaster Recovery Journal
    DRJ Fall 2018 Q&A

Recent Posts

SecurityBridge Teams Up With Microsoft To Enhance SAP Security With Microsoft Sentinel

May 13, 2025

Backblaze Drive Stats for Q1 2025

May 13, 2025

Sectigo and Altron Security Announce Strategic Channel Partnership to Enhance Certificate Lifecycle Management in South Africa

May 13, 2025

Asigra Unveils SaaSAssure 2025 Featuring Granular Restore and Autodiscovery for Key Business Apps

May 13, 2025

STACK Infrastructure Closes $1.4 Billion in Green Financing to Support its Growing Portfolio of Stabilized Hyperscale Assets

May 13, 2025

Stackpack Raises $6.3M to Solve the $475B Vendor Chaos Problem

May 13, 2025

Archives

  • May 2025 (32)
  • April 2025 (91)
  • March 2025 (57)
  • February 2025 (47)
  • January 2025 (73)
  • December 2024 (82)
  • November 2024 (41)
  • October 2024 (87)
  • September 2024 (61)
  • August 2024 (65)
  • July 2024 (48)
  • June 2024 (55)
  • May 2024 (70)
  • April 2024 (79)
  • March 2024 (65)
  • February 2024 (73)
  • January 2024 (66)
  • December 2023 (49)
  • November 2023 (80)
  • October 2023 (67)
  • September 2023 (53)
  • August 2023 (72)
  • July 2023 (45)
  • June 2023 (61)
  • May 2023 (50)
  • April 2023 (60)
  • March 2023 (69)
  • February 2023 (54)
  • January 2023 (71)
  • December 2022 (54)
  • November 2022 (59)
  • October 2022 (66)
  • September 2022 (72)
  • August 2022 (65)
  • July 2022 (66)
  • June 2022 (53)
  • May 2022 (55)
  • April 2022 (60)
  • March 2022 (65)
  • February 2022 (50)
  • January 2022 (46)
  • December 2021 (39)
  • November 2021 (38)
  • October 2021 (39)
  • September 2021 (50)
  • August 2021 (77)
  • July 2021 (63)
  • June 2021 (42)
  • May 2021 (43)
  • April 2021 (50)
  • March 2021 (60)
  • February 2021 (16)
  • January 2021 (554)
  • December 2020 (30)
  • November 2020 (35)
  • October 2020 (48)
  • September 2020 (57)
  • August 2020 (52)
  • July 2020 (40)
  • June 2020 (72)
  • May 2020 (46)
  • April 2020 (59)
  • March 2020 (46)
  • February 2020 (28)
  • January 2020 (36)
  • December 2019 (22)
  • November 2019 (11)
  • October 2019 (36)
  • September 2019 (44)
  • August 2019 (77)
  • July 2019 (117)
  • June 2019 (106)
  • May 2019 (49)
  • April 2019 (47)
  • March 2019 (24)
  • February 2019 (37)
  • January 2019 (12)
  • ARTICLES & NEWS

    • Business Continuity
    • Disaster Recovery
    • Crisis Management & Communications
    • Risk Management
    • Article Archives
    • Industry News

    THE JOURNAL

    • Digital Edition
    • Advertising & Media Kit
    • Submit an Article
    • Career Spotlight

    RESOURCES

    • White Papers
    • Rules & Regulations
    • FAQs
    • Glossary of Terms
    • Industry Groups
    • Business & Resource Directory
    • Business Resilience Decoded
    • Careers

    EVENTS

    • Fall 2025
    • Spring 2025

    WEBINARS

    • Watch Now
    • Upcoming

    CONTACT

    • Article Submission
    • Media Kit
    • Contact Us

    ABOUT DRJ

    Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

    LEARN MORE

    LINKEDIN AND TWITTER

    Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

    Follow us for daily updates

    LinkedIn

    @drjournal

    Newsletter

    The Journal, right in your inbox.

    Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

    Subscribe Now
    Copyright 2025 Disaster Recovery Journal
    • Terms of Use
    • Privacy Policy